
Server Hardening Documentation

Grant posted this entry today on his blog: /grantstraker/index.cfm?mode=entry&entry=EF874C16-16C3-D74B-F738B23185FDE4AF

Server Hardening

I got a request for information on hardening a server running ShadoMX, so here is a quick list of tasks to do this. Given every network and setup is usually different from others, these are only guidelines.
  1. After installation remove the shadomx/installer folder

  2. At the web server level only allow access to the required IP range to ShadoMX and Shado-control folders

  3. Block file browsing to the [sitename]/app_config folder

  4. Follow Macromedia guidelines for the CF Administrator: http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html

  5. Make sure none of your site specific cfc functions are set with access="remote" unless you want them exposed via web services.

  6. If you're really concerned you could write an onCreate event in ShadoMX IDE for the users class to ensure users must have passwords of specific length that also contain non-alpha characters, etc.
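
One way to audit step 5, as an added example that is not part of the original post or of ShadoMX: a Python script that lists every CFC function declared with access="remote", in tag or cfscript syntax. The sample component and the helper names `find_remote_functions` and `scan_tree` are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Tag syntax: attributes in any order or case, either quote style, multi-line.
TAG_RE = re.compile(r"<cffunction\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""\b(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
# Script syntax: remote [returntype] function name(
SCRIPT_RE = re.compile(r"\bremote\s+(?:[\w.]+\s+)?function\s+(\w+)\s*\(", re.I)
COMMENT_RE = re.compile(r"<!---.*?--->", re.DOTALL)
# Constructed sample component, not taken from ShadoMX.
SAMPLE_CFC = '''<cfcomponent>
  <cffunction name="getPage" access="public" returntype="query"></cffunction>
  <cffunction name="resetPassword"
              returntype="boolean"
              ACCESS='Remote'>
  </cffunction>
  <!--- <cffunction name="oldExport" access="remote"></cffunction> --->
  <cfscript>
    remote string function ping() { return "ok"; }
  </cfscript>
</cfcomponent>
'''

def find_remote_functions(source):
    """Return sorted (line, name) pairs for functions declared access="remote"."""
    # Blank out CFML comments but keep newlines so line numbers stay correct.
    text = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    hits = []
    for m in TAG_RE.finditer(text):
        attrs = {k.lower(): (a or b) for k, a, b in ATTR_RE.findall(m.group())}
        if attrs.get("access", "").strip().lower() == "remote":
            hits.append((text.count("\n", 0, m.start()) + 1, attrs.get("name", "?")))
    for m in SCRIPT_RE.finditer(text):
        hits.append((text.count("\n", 0, m.start()) + 1, m.group(1)))
    return sorted(hits)

def scan_tree(root):
    """Map each .cfc file under root to its remote functions (files with hits only)."""
    found = {}
    for path in sorted(Path(root).rglob("*.cfc")):
        hits = find_remote_functions(path.read_text(errors="replace"))
        if hits:
            found[str(path)] = hits
    return found

if __name__ == "__main__":
    # Audit the directory given as argument, or the sample when none is given.
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_remote_functions(SAMPLE_CFC))
```

Each function reported should either be a web service you intend to publish or have its access attribute changed to public, package or private.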

